[PATCH] cpukit/mghttpd/mongoose: Fix format truncation warning

Joel Sherrill joel at rtems.org
Wed Sep 16 13:42:36 UTC 2020


snprintf() is a safe method and I strongly disagree with the blanket
replacement of many safe methods with memcpy().

Based on what POSIX profiles snprintf() is included in and the safety and
security requirements those profiles are designed to meet, snprintf() is
supported by RTOSes that can meet DO-178 Level A.

If the POSIX method being reviewed is in the FACE Safety Base or Safety
Extended profile, then it is OK to use and has been used in flight
qualified applications. And that is a general statement meaning running on
any of a variety of RTOSes. If the usage is incorrect, let's fix it but
blanket changing them is wrong.

--joel

On Wed, Sep 16, 2020 at 12:57 AM Chris Johns <chrisj at rtems.org> wrote:

> On 16/9/20 2:36 pm, Sebastian Huber wrote:
> > On 16/09/2020 05:59, Chris Johns wrote:
> >
> >>> +       mount_path = malloc(strlen(buf) + 1 + sizeof(gz_path);
> >>> +       if (mount_path != NULL))
> >>> +        strlcpy(mount_path, ".gz", sizeof(mount_path));
> >>> +      }
> >>> +          snprintf(gz_path, sizeof(gz_path), "%s.gz", buf*)
> >>> +*/
> >> Sorry I am not reviewing these changes any more.
> > Sorry Chris, this is my fault. I was not clear enough to communicate
> that this
> > patch set should first go through an internal review before we send it
> to the
> > mailing list.
>
> All good. I wanted the record to show what happened to the patches.
>
> Chris
> _______________________________________________
> devel mailing list
> devel at rtems.org
> http://lists.rtems.org/mailman/listinfo/devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/devel/attachments/20200916/0d9bcc3b/attachment.html>


More information about the devel mailing list